1 / 30

Attacks on Android Clipboard DIMVA 11 th | July 10-11, 2014

Attacks on Android Clipboard DIMVA 11 th | July 10-11, 2014. Xiao Zhang and Wenliang Du <xzhang35, wedu @syr.edu> Dept. of Electrical Engineering & Computer Science Syracuse University. Roadmap. Background Motivation & Findings Attacks Manipulation Stealing Discussion Conclusion.

walker-mitchell
Download Presentation

Attacks on Android Clipboard DIMVA 11 th | July 10-11, 2014

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Attacks on Android ClipboardDIMVA 11th | July 10-11, 2014 Xiao Zhang and Wenliang Du <xzhang35, wedu @syr.edu> Dept. of Electrical Engineering & Computer Science Syracuse University

  2. Roadmap • Background • Motivation & Findings • Attacks • Manipulation • Stealing • Discussion • Conclusion Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 1/29

  3. Android Ecosystem Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 2/29

  4. Android Clipboard • Easy Access • Powerful Capabilities Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 3/29

  5. Roadmap • Background • Motivation & Findings • Attacks • Manipulation • Stealing • Discussion • Conclusion Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 4/29

  6. Threat Model • Assumption: Malicious app installed on the same device as the victim app; • Categorized based on malicious behavior • Manipulation • Stealing Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 5/29

  7. Findings • Sample Collections • Benign: ~ 16,000 from Google Play in July 2012 • Malware: 3,987 from different resources • Result 1,180 60 8 384 Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 6/29

  8. Roadmap • Background • Motivation & Findings • Attacks • Manipulation • JavaScript Injection • Command Injection • Phishing • Stealing • Discussion • Conclusion Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 7/29

  9. JavaScript Injection --- Mobile Browsers • Attack Flow Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 8/29

  10. JavaScript Injection --- Mobile Browsers • Feasibility Study Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 9/29

  11. JavaScript Injection --- Mobile Browsers • Damage Study • Session Hijacking • Confused Deputy • Integrity Compromise • Privacy Leakage Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 10/29

  12. JavaScript Injection --- Additional Channel • Cross-site scripting (XSS) Attack • One PhoneGap app with 1,000,000 installs • Cross Origin Invocation Attack • Android scheme mechanism • Dropbox, Facebook Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 11/29

  13. JavaScript Injection --- Dynamic Page Construction • PhoneGap apps • New platform • Few security concerns • No server side • Manual Analysis • Case study: Get It Done Task List Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 12/29

  14. JavaScript Injection --- SQL-Type Code Injection • How does it work? • Observations: • WebView component • Patterned JS: pre-defined code + user input • No scrutinizing Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 13/29

  15. JavaScript Injection --- SQL-Type Code Injection • JSGuard • Based on Androguard • 160 LOC written in python • Challenges • API Identification • JS Pattern Identification • Vulnerability Identification Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 14/29

  16. JavaScript Injection --- SQL-Type Code Injection • Result • 16,000 apps, 42 hours, 20 sec/app • 58% uses loadUrl() • 9.4% with patterned JS • Randomly selected 100 candidates, 2 vulnerable apps found Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 15/29

  17. JavaScript Injection --- SQL-Type Code Injection • Case Studies Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 16/29

  18. Roadmap • Background • Motivation & Findings • Attacks • Manipulation • JavaScript Injection • Command Injection • Phishing • Stealing • Discussion • Conclusion Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 17/29

  19. Command Injection --- Android Terminals • Categorization • Remote Terminal • Device Terminal • Combined Terminal • Systematic Study Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 18/29

  20. Roadmap • Background • Motivation & Findings • Attacks • Manipulation • JavaScript Injection • Command Injection • Phishing • Stealing • Discussion • Conclusion Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 19/29

  21. Phishing Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 20/29

  22. Roadmap • Background • Motivation & Findings • Attacks • Manipulation • JavaScript Injection • Command Injection • Phishing • Stealing • Discussion • Conclusion Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 21/29

  23. Stealing • Functionality Demand • The Risk • Study Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 22/29

  24. Roadmap • Background • Motivation & Findings • Attacks • Manipulation • JavaScript Injection • Command Injection • Phishing • Stealing • Discussion • Conclusion Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 23/29

  25. Discussion --- Potential Solutions • User Perspective: Notification • Developer Perspective: Permission Request • System Perspective: • Mandatory Access Control • SEAndroid • FlaskDroid Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 24/29

  26. Discussion --- Related Work • Desktop Clipboard Security • Self-XSS, Clipboard Hijacking • Similarity: Attack via Clipboard • Difference: • Platform • Attack Efforts • Attack Surface • Solutions Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 25/29

  27. Discussion --- Related Work • Android Clipboard Security • Generic vs. Specific • System Vulnerabilities • Privacy Protection • Privilege Restriction • Mandatory Access Control Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 26/29

  28. Roadmap • Background • Motivation & Findings • Attacks • Manipulation • JavaScript Injection • Command Injection • Phishing • Stealing • Discussion • Conclusion Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 27/29

  29. Conclusion • Android Clipboard Security • Two groups of attacks • Manipulation • JavaScript Injection • Command Injection • Phishing • Stealing • Data Leakage • Future work • Manual effort -> automization • Potential solutions Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 28/29

  30. Thank You ! Questions? Attacks on Android Clipboard | DIMVA 11th | Egham, London, UK| July 10-11, 2014 29/29

More Related